Information Stealer - Malware Analysis (PowerShell to .NET)
HTML-код
- Опубликовано: 8 июн 2021
- If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link) Come play the June 22nd GuidePoint Security CTF! www.guidepointsecurity.com/re...
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
finally some malware analysis
yes Im so excited, i am a system admin in my day, and I wouldn't change that for almost anything, malware analysis would be one of those things
a' s' s' comm
Love it!!!! It's nice to see the methodology in real time and to see some of the tools I practice with in action.
Thank you for this, John. My EDR detected this at a client’s endpoint. Thanks for your help.
Awsome Video, watched alot of your work and the indepth explaination (which i'm sure you do often) was particularly helpful in explaining, to a novice like me, your process and thinking on this one. Love the content 👍
Great content, awesome presentation had a blast watching the video - Thanks John!
Thanks mate, I really appreciate your work and how you do it!
Thanks for the dive into it. please do more!
When you were trying the login page, it wasn't 'login?' it was '/j/login?' the subdirectory you missed was probably important :)
damn so easy to miss something out.
Yeah, this version called Jupyter so its /j/login John should have tried /m/login because his version was called Mars. No Dirbuster needed :D
FINALLY, Some good malware videos
Yeah, outro music is dope!!! Nice analysis John! hope one day I'll reach some of your knowledge. Keep up!
Great content love these videos!
thanks john, love the vids.
Great video. I enjoy your analysis of these programs. I am currently analyzing the happy99 worm.
Kudos to Lenny for developing Remnux to enable malware profiling.
Great video! Thanks for the REMnux link :)
Awesome as usual 😁👍
Waiting for the next video!
John is in full mood. Laughed really hard watching this. xD
The outro was some awesome !!
"NO! TAKE ME BACK, I DIDN'T MEAN IT!" 🤣🤣
That's why I love watching your videos
There are people who grab knowledge and then there are people like John Hammond who share knowledge to grab knowledge and serve the community...
Loving this malware analysis. More, give me more!!!!......... please haha
amazing
the youtube algorithm thing john told me to do!!
It works better if you add words from the title to the comment too... I AM HAX!
This hair cut suits you John, Keep it
This is my first time following along. I was given a sha-256 hash to look up for a job application and it led to a newer version of yellow cockatoo. From what I see, it looks pretty similar to what is being reverse engineered here. When I do a trid on stage2.dll it identifies an executable but not a .net. I still tried to put it in ILSpy but I'm kind of lost. Anyone know if it doesn't show as .NET assembly in trid/file it won't work in ILSpy. Also, anyone have any good noob documentation for using ILSpycmd?
Nerd lore... LOL... I figured that Deimos was one of the moons of Mars from the gate lol. Thanks for another great video!
John it's time to write a PS beautifier!!
hi John, Love your Channel. Can you do something about Stuxnet? Would be amazing!
Hello john 🙋♂️!!! Big Fan... Stay Sweet...
So I have been trying to get into your discord, but it tells me that it can't be reached. So I am wondering if this is one of those test things to see if you can find the link hidden somewhere in the HTML and I kinda just want to verify that before I go digging around in John's website to try and find a hidden discord link.
Doesn’t free Any Run only go for 60 seconds, so if the script takes longer, any run stops before it ends?
you can add 60 seconds at a time
You can add time but it maxes at 5 minutes I think
Can you do malware analysis for the noEscape.exe
That was 👏
👏👏👏👏👏👏👏
Just like in the movie/tv series "The Net": Look, a virus! Hmm, let's see what makes it tick :)
Loving the new haircut :)
very instresting
Wonder how many traffic watchers noticed encrypted traffic being sent through port 80 >.>
Anyone in the info and sec field have any tips on what certs to try to have before finishing college. I am currently working towards my associates degree and have only 2 semesters left but plan on taking an extra semester. Within this extra semester I want to try and get a cert in a comp language but not really sure which one just yet. TIA!
43:26 The descent into madness is nigh 👀😂.
Hey guys. Here before the premiere :)
ive been looking for hours but i really didnt find who tf asked !!
I would absolutely run gobuster against that IP :) No questions asked.
seems to be an index page for that ip now 🤔
Can a Student participate in the GuidePoint security Ctf because there is Input box for Job Title ?
Absolutely, you can put "Student" :) The game is open to anyone!
Okayy Thank you : )
Participating in ctf offer you jobs? 🤔🤔
@@_JohnHammond I'm still really green, I'm working on my net+, do you think I could pull something from it or not jump the gun
You can add time up to 4-5 min for free in any run
why you dont use Kali?
Which Firefox extensions is he using? Anyone knows?
Did you learn python3 or not? :D
Guys do you know? Is it illegal to run dirbuster on a foreign IP address? :D Just curious
Depends on your local jurisdiction
Thank you
Where can I get this ps file?
Hi John mame🔥
Awesome malware analysis. It’s just a bit advance for me though 😅 could you do some more of this but for newbies? Awesome work as always 👏
I don't think it can be made for newbies as malwares usually try to hide their stuff to avoid being discovered even by people who know their stuff. Maybe learning powershell's basics and watching more of his videos would help you?
@@louisrobitaille5810 yeah I realized that as soon as I made the comment but didn’t want to delete it 😅 but yeah you’re right and I’m doing that
How to open all apps creation.
Canr 2+3+4?
"What's happening computer 😑" 🤣
Why is so commom to see base64? Is there any advantage to encoded that way?
the main reason you see base64 a lot is its a common way to obfuscate ( make hard to read) code, as far as im aware, someone correct me if im wrong
Will Ass Comm be the new insider?
It's a me.. Brute force your I/O.
AnsiMF!!
Cnn? files open master
hello there
MORE MALAWARE
At face value it looks like Romanians borrowed something Russian and modified it. Of course nothing about attribution should be regarded as that simple.
🤴🤴🤴🤴🤴🤴🤴🤴🤴🖤🖤🖤🖤
Tails ;) john sus
f# ?
how does he reply to live chat even though he is not typing?
5:20 What does Basic from visual basic mean
im here to leverage natural language while sacrificing security for load balancing. dont mind me.
Seriously, how is he replying to chat while scripting. Is this pre recorded?
9:31 that was byte count for PII formatting?
Why is tamil usually language of choice for hacking tutorials?
d4.
:D
i hope that this isn't your main machine...
Because one time i will be making malware specially for you to be fooled by... :p
(I subbed and hit that bell after your bat obfuscation video, so no worries)
Joker😂
Little better understanding for you are talking.
You're not factorization .
you have in the lod balance server files your not development there files comming.
On lod balance attending.
Hey John, you're not the only one, but also you have severe mic popping issues. It's terrible to listen to on a audio installation with a sub-woofer or headphones. Please adjust your mic and/or filter lower frequencies.
or a pop filter
didnt notice that running OTT, Highpass >128 hz with EqualizerAPO :)
Bufr funs ,satchrdatabase